package com.dmcloud.zuul.security;

import org.apache.commons.lang.builder.ReflectionToStringBuilder;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.http.AccessTokenRequiredException;
import org.springframework.stereotype.Service;

import javax.servlet.http.HttpServletRequest;

/**
 * Created by xiaodao
 * date: 2020/3/28
 */
@Service
public class PermissionServiceImpl implements PermissionService {
    /**
     * 这里调用远程服务 或者查询数据库 redis 等判断权限是否可以用
     * @param request
     * @param authentication
     * @return
     */
    @Override
    public boolean hasPermission(HttpServletRequest request, Authentication authentication) {
        //TODO 这里可以进行 远程校验权限
        System.err.println(request.getRequestURI());
        System.err.println(ReflectionToStringBuilder.toString(authentication));
        if(authentication instanceof AnonymousAuthenticationToken){
            throw new AccessTokenRequiredException(null);
        }

        return true;
    }
}
